package org.geomajas.plugin.staticsecurity.ldap;

import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.validation.constraints.NotNull;
import org.geomajas.annotation.Api;
import org.geomajas.plugin.staticsecurity.configuration.AuthorizationInfo;
import org.geomajas.plugin.staticsecurity.configuration.NamedRoleInfo;
import org.geomajas.plugin.staticsecurity.configuration.UserInfo;
import org.geomajas.plugin.staticsecurity.security.AuthenticationService;
import org.geomajas.plugin.staticsecurity.security.UserDirectoryService;
import org.geomajas.plugin.staticsecurity.security.dto.AllUserFilter;
import org.geomajas.plugin.staticsecurity.security.dto.AndUserFilter;
import org.geomajas.plugin.staticsecurity.security.dto.OrUserFilter;
import org.geomajas.plugin.staticsecurity.security.dto.RoleUserFilter;
import org.geomajas.plugin.staticsecurity.security.dto.UserFilter;
import org.geomajas.plugin.staticsecurity.security.dto.UserFilterVisitor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

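/**
 * Authentication and user-directory service backed by an LDAP server (UnboundID LDAP SDK).
 *
 * <p>A login is verified by building the user's DN from {@code userDnTemplate}, binding to the directory
 * with that DN and the supplied password, and reading the user's entry. The values of {@code rolesAttribute}
 * on that entry are mapped to authorizations through the configured named roles.
 *
 * <p>Security-relevant configuration:
 * <ul>
 * <li>{@code allowAllSocketFactory = true} connects through an SSL socket factory built on
 * {@link TrustAllTrustManager}: the server certificate is not validated, so the server is not
 * authenticated and the user passwords sent in the bind can be intercepted by an on-path party.</li>
 * <li>{@code allowAllSocketFactory = false} opens the connection without any socket factory.
 * NOTE(review): that is presumably an unencrypted connection, in which case passwords travel in clear
 * text - confirm against the SDK and the deployment (for example a TLS-terminating tunnel).</li>
 * <li>{@link #getUsers(UserFilter)} searches without binding, so it relies on what the directory exposes
 * to unauthenticated clients.</li>
 * </ul>
 */
@Api
public class LdapAuthenticationService implements AuthenticationService, UserDirectoryService {

    // Host name of the LDAP server.
    @NotNull
    private String serverHost;

    // When true, connect over SSL while accepting ANY server certificate (see class comment).
    private boolean allowAllSocketFactory;

    // Template for a user's DN; every "{}" is replaced by the (escaped) login name.
    @NotNull
    private String userDnTemplate;

    // Search base used by getUsers(); user listing is disabled while this is null.
    private String allUsersDn;

    // Optional attribute names read from the user's entry; null means "not configured".
    private String givenNameAttribute;
    private String surNameAttribute;
    private String localeAttribute;
    private String organizationAttribute;
    private String divisionAttribute;
    private String rolesAttribute;

    // Authorizations granted to every authenticated user under DEFAULT_ROLE_NAME, when not null.
    private List<AuthorizationInfo> defaultRole;

    // Value of rolesAttribute -> roles granted for that value.
    private Map<String, List<NamedRoleInfo>> namedRoles;

    // Value of rolesAttribute -> names of the roles granted for that value (derived in setNamedRoles).
    private Map<String, Set<String>> ldapRoleMapping;

    /** Filter matching every entry with {@code objectclass=person}. */
    @Api
    public static final Filter ALL = Filter.createEqualityFilter("objectclass", "person");

    /** Negation of {@link #ALL}. */
    @Api
    public static final Filter NONE = Filter.createNOTFilter(ALL);

    /** Name of the role that carries the {@code defaultRole} authorizations. */
    @Api
    public static final String DEFAULT_ROLE_NAME = "ROLE_DEFAULT";

    private final Logger log = LoggerFactory.getLogger(LdapAuthenticationService.class);

    // Default port; 636 is the conventional LDAPS port.
    private int serverPort = 636;

    /**
     * Translates a {@link UserFilter} tree into an LDAP {@link Filter}.
     */
    class LdapFilterVisitor implements UserFilterVisitor {
        LdapFilterVisitor() {
        }

        /** Delegates filters without a dedicated overload to {@link LdapAuthenticationService#convert(UserFilter)}. */
        public Object visit(UserFilter userFilter, Object obj) {
            return LdapAuthenticationService.this.convert(userFilter);
        }

        /** Converts every child and combines the results with AND. */
        public Object visit(AndUserFilter andUserFilter, Object obj) {
            return Filter.createANDFilter(convertChildren(andUserFilter.getChildren(), obj));
        }

        /** Converts every child and combines the results with OR. */
        public Object visit(OrUserFilter orUserFilter, Object obj) {
            return Filter.createORFilter(convertChildren(orUserFilter.getChildren(), obj));
        }

        /**
         * Builds an OR over an equality match on {@code rolesAttribute} for each LDAP role value that is
         * mapped to the requested role name. The OR has no components when nothing maps to that name.
         */
        public Object visit(RoleUserFilter roleUserFilter, Object obj) {
            List<Filter> matches = new ArrayList<Filter>();
            Map<String, Set<String>> mapping = LdapAuthenticationService.this.ldapRoleMapping;
            // The mapping only exists once setNamedRoles()/setRoles() has been called.
            if (mapping != null) {
                for (Map.Entry<String, Set<String>> entry : mapping.entrySet()) {
                    if (entry.getValue().contains(roleUserFilter.getName())) {
                        matches.add(Filter.createEqualityFilter(LdapAuthenticationService.this.rolesAttribute,
                                entry.getKey()));
                    }
                }
            }
            return Filter.createORFilter(matches);
        }

        /** Matches every person entry. */
        public Object visit(AllUserFilter allUserFilter, Object obj) {
            return LdapAuthenticationService.ALL;
        }

        // Runs this visitor over each child filter and collects the resulting LDAP filters in order.
        private List<Filter> convertChildren(Iterable<?> children, Object obj) {
            List<Filter> converted = new ArrayList<Filter>();
            for (Object child : children) {
                converted.add((Filter) ((UserFilter) child).accept(this, obj));
            }
            return converted;
        }
    }

    /**
     * Sets the LDAP server host name.
     *
     * @param str host name
     */
    @Api
    public void setServerHost(String str) {
        this.serverHost = str;
    }

    /**
     * Sets the LDAP server port (636 when never set).
     *
     * @param i port number
     */
    @Api
    public void setServerPort(int i) {
        this.serverPort = i;
    }

    /**
     * Chooses between an SSL connection that trusts every certificate and a connection without a socket
     * factory.
     *
     * <p>Enabling this disables certificate validation: the connection is encrypted, but the server is not
     * authenticated, so credentials can be captured by whoever answers on the configured host and port.
     *
     * @param z true to connect through the trust-all SSL socket factory
     */
    @Api
    public void setAllowAllSocketFactory(boolean z) {
        if (z) {
            // Make the weakened trust model visible in the logs of whoever operates this service.
            this.log.warn("allowAllSocketFactory is enabled: LDAP server certificates are not validated");
        }
        this.allowAllSocketFactory = z;
    }

    /**
     * Sets the DN template for users; each "{}" is replaced by the login name.
     *
     * @param str DN template
     */
    @Api
    public void setUserDnTemplate(String str) {
        this.userDnTemplate = str;
    }

    /**
     * Sets the search base for {@link #getUsers(UserFilter)}.
     *
     * @param str base DN, or null to disable user listing
     */
    @Api
    public void setAllUsersDn(String str) {
        this.allUsersDn = str;
    }

    /**
     * Sets the attribute holding the user's given name.
     *
     * @param str attribute name, may be null
     */
    @Api
    public void setGivenNameAttribute(String str) {
        this.givenNameAttribute = str;
    }

    /**
     * Sets the attribute holding the user's surname.
     *
     * @param str attribute name, may be null
     */
    @Api
    public void setSurNameAttribute(String str) {
        this.surNameAttribute = str;
    }

    /**
     * Sets the attribute holding the user's locale.
     *
     * @param str attribute name, may be null
     */
    @Api
    public void setLocaleAttribute(String str) {
        this.localeAttribute = str;
    }

    /**
     * Sets the attribute holding the user's organization.
     *
     * @param str attribute name, may be null
     */
    @Api
    public void setOrganizationAttribute(String str) {
        this.organizationAttribute = str;
    }

    /**
     * Sets the attribute holding the user's division.
     *
     * @param str attribute name, may be null
     */
    @Api
    public void setDivisionAttribute(String str) {
        this.divisionAttribute = str;
    }

    /**
     * Sets the attribute whose values are looked up in the named roles.
     *
     * @param str attribute name, may be null
     */
    @Api
    public void setRolesAttribute(String str) {
        this.rolesAttribute = str;
    }

    /**
     * @return the attribute whose values are looked up in the named roles
     */
    public String getRolesAttribute() {
        return this.rolesAttribute;
    }

    /**
     * @return the authorizations granted to every authenticated user, or null
     */
    public List<AuthorizationInfo> getDefaultRole() {
        return this.defaultRole;
    }

    /**
     * Sets the authorizations granted to every authenticated user under {@link #DEFAULT_ROLE_NAME}.
     *
     * @param list authorizations, or null for no default role
     */
    @Api
    public void setDefaultRole(List<AuthorizationInfo> list) {
        this.defaultRole = list;
    }

    /**
     * Configures roles from a map of LDAP role value to authorizations.
     *
     * <p>Each key becomes one named role. Its name is the first attribute value of the key's leading RDN
     * when the key parses as a DN, and the key itself otherwise.
     *
     * @param map LDAP role value to authorizations
     */
    @Api
    public void setRoles(Map<String, List<AuthorizationInfo>> map) {
        Map<String, List<NamedRoleInfo>> converted = new HashMap<String, List<NamedRoleInfo>>();
        for (Map.Entry<String, List<AuthorizationInfo>> entry : map.entrySet()) {
            String key = entry.getKey();
            NamedRoleInfo role = new NamedRoleInfo();
            role.setAuthorizations(entry.getValue());
            String roleName = key;
            try {
                DN dn = new DN(key);
                // A DN without components has no leading RDN; keep the raw key as the name then.
                if (dn.getRDN() != null) {
                    roleName = dn.getRDN().getAttributeValues()[0];
                }
            } catch (LDAPException e) {
                // Not a DN: the key is used verbatim as the role name.
                roleName = key;
            }
            role.setName(roleName);
            converted.put(key, Collections.singletonList(role));
        }
        setNamedRoles(converted);
    }

    /**
     * Sets the named roles and rebuilds the LDAP-value-to-role-names index used for role filters.
     *
     * @param map LDAP role value to the roles it grants; stored by reference
     */
    @Api
    public void setNamedRoles(Map<String, List<NamedRoleInfo>> map) {
        this.namedRoles = map;
        Map<String, Set<String>> index = new HashMap<String, Set<String>>();
        for (Map.Entry<String, List<NamedRoleInfo>> entry : map.entrySet()) {
            Set<String> names = new HashSet<String>();
            for (NamedRoleInfo role : entry.getValue()) {
                names.add(role.getName());
            }
            index.put(entry.getKey(), names);
        }
        // Publish the finished index in one assignment rather than filling the field in place.
        this.ldapRoleMapping = index;
    }

    /**
     * @return the configured named roles (the same map instance that was set)
     */
    @Api
    public Map<String, List<NamedRoleInfo>> getNamedRoles() {
        return this.namedRoles;
    }

    /**
     * Returns the second argument unchanged; the directory verifies the password during the bind, so no
     * client-side transformation is applied. Presumably the arguments are (user, password) - confirm
     * against the {@code AuthenticationService} contract.
     *
     * @param str first argument, ignored
     * @param str2 value to return
     * @return {@code str2}
     */
    public String convertPassword(String str, String str2) {
        return str2;
    }

    /**
     * Authenticates a user by binding to the directory as that user and reading the user's entry.
     *
     * @param str login name, substituted (escaped) for "{}" in the DN template
     * @param str2 password used for the bind
     * @return the user's details, or null when the credentials are missing, the bind or search fails, or
     *         no entry is found
     */
    public UserInfo isAuthenticated(String str, String str2) {
        // A simple bind carrying a DN but an empty password is an "unauthenticated bind" (RFC 4513); a
        // server that answers it with success would turn an empty password into a valid login. Refuse it
        // here instead of relying on the SDK or the server to do so.
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            return null;
        }
        // Escape the login name so characters such as ',' '+' or '=' cannot add or alter DN components
        // and move the bind to an entry outside the location the template describes.
        String userDn = this.userDnTemplate.replace("{}", escapeDnValue(str));
        SearchResult result = execute(createSearchRequest(userDn), userDn, str2);
        if (result == null || result.getSearchEntries().isEmpty()) {
            return null;
        }
        // NOTE(review): the request searches the subtree below the user's DN and the first entry is
        // taken; confirm that person entries cannot exist beneath a user entry in this directory.
        return getUserInfo(result.getSearchEntries().get(0));
    }

    /**
     * Lists the users below {@code allUsersDn} that match the filter.
     *
     * <p>The search runs without a bind, so only what the directory exposes to unauthenticated clients is
     * returned.
     *
     * @param userFilter filter to apply on top of {@code objectclass=person}
     * @return matching users; empty when {@code allUsersDn} is not configured or the search fails
     */
    public List<org.geomajas.security.UserInfo> getUsers(UserFilter userFilter) {
        List<org.geomajas.security.UserInfo> users = new ArrayList<org.geomajas.security.UserInfo>();
        if (this.allUsersDn == null) {
            this.log.warn("Getting users from LDAP requires configuration of allUsersDn property");
            return users;
        }
        SearchRequest request = createSearchRequest(this.allUsersDn);
        Filter converted = (Filter) userFilter.accept(new LdapFilterVisitor(), (Object) null);
        if (converted != null) {
            // Keep the person restriction and narrow it with the converted filter.
            request.setFilter(Filter.createANDFilter(new Filter[]{request.getFilter(), converted}));
        }
        SearchResult result = execute(request, null, null);
        if (result != null) {
            for (SearchResultEntry entry : result.getSearchEntries()) {
                users.add(getUserInfo(entry));
            }
        }
        return users;
    }

    /**
     * Converts a custom {@link UserFilter} to an LDAP filter. This default implementation logs a warning
     * and returns {@link #NONE}; subclasses override it to support their own filter types.
     *
     * @param userFilter filter to convert
     * @return {@link #NONE}
     */
    @Api
    public Filter convert(UserFilter userFilter) {
        this.log.warn("You should override the convert() method to support custom filtering!");
        return NONE;
    }

    /**
     * Opens a connection, optionally binds, runs the search and closes the connection again.
     *
     * @param searchRequest search to run
     * @param str DN to bind as, or null to search without binding
     * @param str2 password for the bind
     * @return the search result, or null when connecting, binding or searching fails
     */
    protected SearchResult execute(SearchRequest searchRequest, String str, String str2) {
        LDAPConnection connection = null;
        try {
            if (this.allowAllSocketFactory) {
                // SECURITY: TrustAllTrustManager accepts every certificate, so this connection is
                // encrypted but the server's identity is never checked.
                connection = new LDAPConnection(new SSLUtil(new TrustAllTrustManager()).createSSLSocketFactory(),
                        this.serverHost, this.serverPort);
            } else {
                // NOTE(review): no socket factory is supplied here - presumably a plain, unencrypted
                // connection; confirm, because the bind below sends the user's password over it.
                connection = new LDAPConnection(this.serverHost, this.serverPort);
            }
            if (str != null) {
                BindResult bind = connection.bind(str, str2);
                if (!bind.getResultCode().isConnectionUsable()) {
                    this.log.error("Connection not usable, result code : " + bind.getResultCode());
                    // Fail closed: a bind that did not leave a usable connection must never be followed
                    // by a search whose result the caller treats as proof of authentication.
                    return null;
                }
            }
            return connection.search(searchRequest);
        } catch (LDAPException e) {
            // Failed logins are expected and not logged as errors; everything else is.
            String message = e.getMessage();
            if (message == null || !message.startsWith("Unable to bind as user ")) {
                this.log.error(message, e);
            }
            return null;
        } catch (GeneralSecurityException e) {
            this.log.error(e.getMessage(), e);
            return null;
        } finally {
            if (connection != null) {
                connection.close();
            }
        }
    }

    // Builds a subtree search for person entries below baseDn, requesting "cn" plus every configured
    // optional attribute.
    private SearchRequest createSearchRequest(String baseDn) {
        List<String> attributes = new ArrayList<String>();
        attributes.add("cn");
        addAttribute(attributes, this.givenNameAttribute);
        addAttribute(attributes, this.surNameAttribute);
        addAttribute(attributes, this.localeAttribute);
        addAttribute(attributes, this.organizationAttribute);
        addAttribute(attributes, this.divisionAttribute);
        addAttribute(attributes, this.rolesAttribute);
        return new SearchRequest(baseDn, SearchScope.SUB, Filter.createEqualityFilter("objectclass", "person"),
                attributes.toArray(new String[attributes.size()]));
    }

    // Copies the configured attributes of a directory entry into a UserInfo. The user id is the entry's
    // "cn"; the display name is "given sur", or whichever of the two is present.
    private UserInfo getUserInfo(SearchResultEntry searchResultEntry) {
        UserInfo userInfo = new UserInfo();
        userInfo.setUserId(searchResultEntry.getAttributeValue("cn"));
        String givenName = optionalValue(searchResultEntry, this.givenNameAttribute);
        String surName = optionalValue(searchResultEntry, this.surNameAttribute);
        String displayName;
        if (givenName == null) {
            displayName = surName;
        } else if (surName == null) {
            displayName = givenName;
        } else {
            displayName = givenName + " " + surName;
        }
        userInfo.setUserName(displayName);
        userInfo.setUserLocale(optionalValue(searchResultEntry, this.localeAttribute));
        userInfo.setUserOrganization(optionalValue(searchResultEntry, this.organizationAttribute));
        userInfo.setUserDivision(optionalValue(searchResultEntry, this.divisionAttribute));
        userInfo.setRoles(getRoles(searchResultEntry));
        return userInfo;
    }

    // Reads one attribute value, treating an unconfigured (null) attribute name as "no value".
    // NOTE(review): whether the SDK tolerates a null attribute name is not visible in this file, so the
    // lookup is skipped instead.
    private String optionalValue(SearchResultEntry entry, String attributeName) {
        return attributeName == null ? null : entry.getAttributeValue(attributeName);
    }

    // Collects the roles of an entry: the default role first (when configured), then the named roles
    // mapped from each value of rolesAttribute. Values without a mapping grant nothing.
    private List<NamedRoleInfo> getRoles(SearchResultEntry searchResultEntry) {
        List<NamedRoleInfo> roles = new ArrayList<NamedRoleInfo>();
        if (this.defaultRole != null) {
            NamedRoleInfo fallback = new NamedRoleInfo();
            fallback.setName(DEFAULT_ROLE_NAME);
            fallback.setAuthorizations(this.defaultRole);
            roles.add(fallback);
        }
        // Without a roles attribute or a role mapping there is nothing to look up.
        if (this.rolesAttribute == null || this.namedRoles == null) {
            return roles;
        }
        String[] ldapRoles = searchResultEntry.getAttributeValues(this.rolesAttribute);
        if (ldapRoles != null) {
            for (String ldapRole : ldapRoles) {
                List<NamedRoleInfo> mapped = this.namedRoles.get(ldapRole);
                if (mapped != null) {
                    roles.addAll(mapped);
                }
            }
        }
        return roles;
    }

    // Adds an attribute name to the request list unless it is not configured.
    private void addAttribute(List<String> list, String attributeName) {
        if (attributeName != null) {
            list.add(attributeName);
        }
    }

    // Escapes a string for use as an attribute value inside a DN (RFC 4514): the special characters
    // , + " \ < > ; = get a backslash, NUL becomes \00, and a leading '#' or a leading/trailing space
    // is escaped as well.
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                case '=':
                    escaped.append('\\').append(c);
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                case '#':
                    if (i == 0) {
                        escaped.append('\\');
                    }
                    escaped.append(c);
                    break;
                case ' ':
                    if (i == 0 || i == last) {
                        escaped.append('\\');
                    }
                    escaped.append(c);
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}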
